If there are such nice pedestrian signals with spoken announcements, can the announcements be changed? That must have been what unknown persons in Silicon Valley were thinking before they replaced the crossing announcements with supposed messages from tech billionaires. The city reacted and has disabled the whole feature for now.

Program code generated by AI sometimes refers to modules that do not exist at all. Resourceful attackers have now started publishing modules of exactly that kind.
#SupplyChain
https://dnip.ch/2025/04/15/dnip-briefing-20-sitzungsprotokoll-mal-anders/

DNIP Briefing #20: Meeting minutes with a twist - Das Netz ist politisch

Every Tuesday the editorial team presents the stories that moved it, shook it up or gave it food for thought.

Das Netz ist politisch

TuSimple is halting US self-driving truck ops, pivoting to Asia-Pacific (China, Japan, Aus). Cites favorable supply chains/regulations there. Follows US job cuts, Nasdaq delisting, and a government probe fallout.

#AutonomousVehicles #TuSimple #SupplyChain

Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware

Slow Pisces, a North Korean state-sponsored threat group, is targeting cryptocurrency developers through LinkedIn with malicious coding challenges. The group impersonates recruiters and sends malware disguised as project tasks, infecting systems with RN Loader and RN Stealer. Their campaign uses GitHub repositories containing adapted open-source projects in Python and JavaScript. The malware employs YAML deserialization and EJS rendering to execute arbitrary code from command-and-control servers. Slow Pisces has reportedly stolen over $1 billion from the cryptocurrency sector in 2023, using various methods including fake trading applications and supply chain compromises. The group's operational security is noteworthy, with payloads existing only in memory and deployed selectively.

Pulse ID: 67fd5a2e0a1353fab9d93ea5
Pulse Link: https://otx.alienvault.com/pulse/67fd5a2e0a1353fab9d93ea5
Pulse Author: AlienVault
Created: 2025-04-14 18:55:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #GitHub #InfoSec #Java #JavaScript #Korea #LinkedIn #Malware #NorthKorea #OTX #OpenThreatExchange #Python #RAT #RCE #SupplyChain #bot #cryptocurrency #developers #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.


New supply chain attacks called "slopsquatting" in AI coding attempt to leverage AI models' tendency to hallucinate non-existent package names.

Research indicates that in roughly 20% of the sampled Python and JavaScript code samples, the recommended packages didn't exist.

https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/ #slopsquatting #hallucinations #AI #coding #supplychain #python #javascript #cybersecurity

AI-hallucinated code dependencies become new supply chain risk

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the models' tendency to "hallucinate" non-existent package names.

BleepingComputer
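As an added example, not code from the BleepingComputer article, the cited research, or any of the posts above, here is a pre-install gate a team could run over an LLM-generated requirements file before `pip install` ever sees it. It sorts each name into: missing from the registry (a hallucination, and exactly the name a squatter registers next), a lookalike of a trusted package that does exist (typosquat), unvetted (exists, but nobody on the team has approved it), or ok. The requirements text, the stand-in registry and the trusted allowlist are constructed for the demo; `pypi_exists` is a live lookup against the real PyPI JSON API and is included only for production use, the offline demo injects a set lookup instead.

```python
"""Pre-install gate against slopsquatting.

Given a requirements file (often pasted straight out of an LLM answer), classify each
package name as: missing from the registry (a hallucination, and a name an attacker
could register), a lookalike of a trusted package (typosquat), unvetted (exists, but
not on the team's trusted list), or ok.
"""
import difflib
import re
import urllib.error
import urllib.request
from typing import Callable, Iterable

# First token of a requirement line, e.g. "requests>=2.31" -> "requests"
_SPEC_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-fold and collapse runs of '-', '_' and '.'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> list[str]:
    """Return normalised package names, skipping comments, blank lines and pip options."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = _SPEC_RE.match(line)
        if m:
            names.append(normalize(m.group(1)))
    return names


def pypi_exists(name: str) -> bool:
    """Live existence check via the PyPI JSON API (network; not used by demo())."""
    try:
        with urllib.request.urlopen(f"https://pypi.org/pypi/{name}/json", timeout=10) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise


def audit(requested: Iterable[str], exists: Callable[[str], bool],
          trusted: Iterable[str], cutoff: float = 0.85) -> dict[str, list]:
    """Classify each requested name. `exists` is injected so the check can run offline."""
    trusted = {normalize(t) for t in trusted}
    report = {"ok": [], "missing": [], "lookalike": [], "unvetted": []}
    for name in requested:
        if name in trusted:
            report["ok"].append(name)
        elif not exists(name):
            report["missing"].append(name)          # hallucinated: fail the install
        else:
            near = difflib.get_close_matches(name, trusted, n=1, cutoff=cutoff)
            if near:
                report["lookalike"].append((name, near[0]))   # exists AND resembles a trusted name
            else:
                report["unvetted"].append(name)     # exists, needs a human look before use
    return report


# --- constructed demo input: stand-ins for an LLM answer, the registry and a team allowlist
SAMPLE_REQUIREMENTS = """\
requests>=2.31
numpy
PyYAML
flask-oauth-helper==1.0   # does not exist: the kind of name a squatter registers next
reqeusts                  # exists in the stand-in registry: typosquat of requests
"""
FAKE_REGISTRY = {"requests", "numpy", "pyyaml", "flask", "reqeusts"}
TRUSTED = {"requests", "numpy", "flask"}


def demo() -> dict[str, list]:
    names = parse_requirements(SAMPLE_REQUIREMENTS)
    return audit(names, lambda n: n in FAKE_REGISTRY, TRUSTED)


if __name__ == "__main__":
    for verdict, items in demo().items():
        print(f"{verdict:>9}: {items}")
```

The existence check alone is not enough once a squatter has registered the hallucinated name: at that point the package exists and installs cleanly, which is why the gate also reports "unvetted" names and treats anything that is not on the allowlist as needing review rather than as safe.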

Atomic and Exodus crypto wallets targeted in malicious npm campaign

A malicious npm package named pdf-to-office was discovered targeting cryptocurrency wallets. The package, posing as a PDF to Office converter, injects malicious code into locally installed Atomic and Exodus wallets. This attack modifies legitimate files to redirect crypto funds to the attacker's wallet. The campaign shows persistence, as removing the malicious package doesn't remove the injected code from the wallets. Multiple versions of both wallets were targeted, with the attackers adapting their code accordingly. This incident highlights the growing scope of software supply chain risks, particularly in the cryptocurrency industry, and emphasizes the need for improved monitoring of both source code repositories and locally deployed applications.

Pulse ID: 67fd41f7af4b02a0fd75fb69
Pulse Link: https://otx.alienvault.com/pulse/67fd41f7af4b02a0fd75fb69
Pulse Author: AlienVault
Created: 2025-04-14 17:12:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Atomic #CyberSecurity #InfoSec #NPM #OTX #Office #OpenThreatExchange #PDF #RCE #SupplyChain #bot #cryptocurrency #AlienVault

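As an added example, not part of the pulse and not either wallet vendor's own tooling: a baseline-and-verify check aimed at the persistence described above, where the injected code stays in the wallet's install directory after the malicious package has been removed. Pin a SHA-256 manifest of the install tree from a clean install, keep it somewhere the application and its dependencies' install hooks cannot write, and diff the live tree against it. The directory layout (an Electron-style `resources/` folder), the file contents and the "injection" are constructed inline to simulate a clean install followed by a tampering step.

```python
"""Integrity baseline for a locally installed application.

Pin a SHA-256 manifest of the install directory (for example an Electron wallet's
resources/ tree) and re-verify it later, so code injected by a malicious dependency's
install hook is found even after that dependency has been uninstalled.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX relative path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Diff the live tree against the pinned manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "added": sorted(k for k in current if k not in manifest),
        "removed": sorted(k for k in manifest if k not in current),
    }


def demo() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Constructed scenario: clean install, baseline, then an in-place injection.
    Returns (verify result before tampering, verify result after)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        res = root / "resources"
        res.mkdir()
        (res / "app.js").write_text("module.exports = { send: (tx) => tx };\n")
        (res / "vendor.js").write_text("// third-party bundle, untouched\n")
        manifest = build_manifest(root)          # pinned from the clean install
        before = verify(root, manifest)

        # Simulate the campaign: an install hook patches wallet code in place and drops a
        # helper file. 'ATTACKER_ADDRESS' is a placeholder, not a real address.
        (res / "app.js").write_text(
            "module.exports = { send: (tx) => ({ ...tx, to: 'ATTACKER_ADDRESS' }) };\n")
        (res / "inject.js").write_text("// persists after `npm uninstall`\n")
        after = verify(root, manifest)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("clean install:", before)
    print("after injection:", after)
```

Removing the malicious package does not revert the "modified" entry, so the remediation is to reinstall the wallet from a verified release and re-pin the manifest, not just to uninstall the dependency.
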
Manufacturing is squeezed by global issues & costs. Advanced automation offers solutions like AI-driven efficiency, but adoption hurdles remain. Now, tech progress meets policy support, potentially sparking the needed shift. #ManufacturingTech #AI #SupplyChain

China halted exports of critical rare earth metals & magnets, disrupting tech supply chains for EVs, AI & defense. New license rules raise shortage fears & geopolitical tension amid US-China trade friction. #RareEarths #SupplyChain #TechGeopolitics

LLMs can't stop making up software dependencies and sabotaging everything: Hallucinated package names fuel 'slopsquatting'

The Register
The True Cost of a Made-in-the-USA iPhone: Why It’s Not as Simple as It Sounds - <FrontBackGeek/>

The idea of building an iPhone entirely within the United States sounds appealing at first glance. It promises job creation, national pride, and reduced
